Skip to content
The Nexus
DossierENTITY

security vulnerabilities

Coverage of security vulnerabilities in the Nexus archive.

Earliest in view: Apr 9 · 12:57 UTCMost recent: Jul 1 · 07:34 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 1 · 07:34 UTCBLEEPING COMPUTER
    Adobe patches seven max severity ColdFusion, Campaign flaws

    Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. The vulnerabilities affect both platforms, which are widely used for enterprise applications and marketing workflows.

  • SECURITYJun 8 · 15:51 UTCBLEEPING COMPUTER
    Critical UniFi OS bug lets hackers gain root without authentication

    A critical bug in Ubiquiti UniFi OS allows hackers to gain root access without authentication by chaining three fixed vulnerabilities. Attackers can execute remote code with elevated privileges through this exploit.

  • SECURITYJun 1 · 20:28 UTCRECORDED FUTURE NEWS
    Inspector general finds NIST mistakes have made vulnerability database ineffective

    An inspector general report found that NIST's National Vulnerability Database (NVD) backlog of unprocessed security vulnerabilities grew from 13,000 in February 2024 to over 27,000 by late 2025, undermining the database's utility and public trust.

  • TECHNOLOGYMay 27 · 23:42 UTCHACKER NEWS
    You Should Not Update Your Dependencies

    The article argues against regularly updating software dependencies due to risks like breaking changes, security vulnerabilities, and compatibility issues. It references a Hacker News discussion where users debate the trade-offs of dependency management.

  • WORLDMay 26 · 14:11 UTCTHE DIPLOMAT
    Brussels Needs a New Narrative on China-EU Relations

    The article argues that Brussels must develop a strategically positive narrative to address security vulnerabilities in the EU's economic relationship with China. It emphasizes embedding policies within a coherent framework to strengthen Europe's position.

  • SECURITYApr 28 · 16:06 UTCHACKER NEWS
    AI uncovers 38 vulnerabilities in largest open source medical record software

    AI discovered 38 critical security vulnerabilities in the largest open-source medical record software, which is used by 100,000 healthcare providers. The findings were reported in a blog post by Aisle and discussed on Hacker News with 52 points and 41 comments.

  • SECURITYApr 27 · 15:31 UTCHACKER NEWS
    The Woes of Sanitizing SVGs

    The article discusses the challenges and security risks associated with sanitizing SVG files, highlighting the complexity of ensuring they are safe from malicious code. It references a blog post and Hacker News comments, indicating ongoing community debate.

  • SECURITYApr 23 · 18:43 UTCRECORDED FUTURE NEWS
    Surveillance companies exploiting telecom system to spy on targets’ locations, research shows

    Surveillance companies exploited weaknesses in telecom infrastructure to secretly mimic real cellular providers and track victims' locations, according to research. The campaigns leveraged vulnerabilities in the system to enable unauthorized location tracking.

  • SECURITYApr 17 · 18:43 UTCHACKER NEWS
    Even "cat readme.txt" is not safe

    The article highlights a security vulnerability where even basic commands like 'cat readme.txt' can expose sensitive data, emphasizing risks in software development practices. It references a Hacker News discussion with 41 points and 19 comments.

  • SECURITYApr 17 · 17:48 UTCTECHCRUNCH
    Hackers are abusing unpatched Windows security flaws to hack into organizations

    A security researcher disclosed three vulnerabilities in Windows Defender along with exploit code. Hackers are now exploiting these flaws in real-world attacks, as reported by a cybersecurity firm.

  • SECURITYApr 17 · 14:47 UTCDARK READING
    Every Old Vulnerability Is Now an AI Vulnerability

    The article discusses how AI is not creating new security vulnerabilities but instead amplifying existing ones, highlighting the risks associated with legacy issues in the context of AI advancements.

  • SECURITYApr 15 · 17:52 UTCTHE REGISTER
    Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP

    Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass login and execute unauthorized commands over HTTP. No active exploitation reports yet, but warnings urge vigilance against potential future attacks.

  • SECURITYApr 9 · 12:57 UTCTHE HACKER NEWS
    ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

    The ThreatsDay Bulletin highlights a hybrid P2P botnet, a 13-year-old Apache RCE vulnerability resurfacing, and 18 other security issues. The report emphasizes overlooked vulnerabilities, questionable security practices, and attackers exploiting trusted platforms.